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Claim Rejections - 35 USC §112 

1 . The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

2. Claim 3 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. The phrase "a unit which records the authentication data 
generated by the generation unit on a portable recording medium; a recording unit 
which records the authentication data recorded on the recording medium" cannot be 
ascertained, because it is unclear as to what is the difference between "a unit which 
records the authentication data generated by the generation unit on a portable recording 
medium" and "a recording unit which records the authentication data read out by the 
unit" and." 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

3. Claims 1, 9-19 are rejected under 35 U.S.C. 102(b) as being unpatentable by 
Nishino et al. (US 5,857,024). 

Claim 1 , Nishino discloses a unit, which reads out authentication data recorded 
on a portable recording medium by another device (the prior art discloses a terminal 
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device which reads out authentication data from the recording medium and the prior art 
discloses a portable microcomputer as the portable medium (col. 1, lines 17-19; col. 4, 
lines 50-53)); a recording unit which records the authentication data read out by the unit 
(the limitation of a recording unit which records the authentication data read out by the 
unit is implicitly disclosed by the prior art, as the card needs a mechanism to transport 
data to and from it, in addition the card is a dumb device which has no use without a 
recording unit to add data into it); an authentication unit which performs mutual 
authentication processing between the authentication unit and the another device by 
using the authentication data recorded in the recording unit (col. 3, lines 5-9). 

Claim 2 and 4, Nishino discloses the computer wherein the recording unit 
records the authentication data on a nonvolatile recording medium (col. 4, lines 21-22). 

Claim 3, Nishino discloses a computer comprising; a generation unit, which 
generates authentication data (col. 1, lines 17-19; col. 2, lines 50-64); a unit, which 
records the authentication data generated by the generation unit on a portable recording 
medium (col. 1, lines 17-19); a recording unit which records the authentication data 
recorded on the recording medium (the limitation of a recording unit which records the 
authentication data read out by the unit is implicitly disclosed by the prior art, as the 
card needs a mechanism to transport data to and from it, in addition the card is a dumb 
device which has no use without a recording unit to add data into it (col. 2, lines 50-64; 
col. 8, lines 14-15)); recording unit to record authentication data into card is an intrinsic 
property of the invention, as the authentication card (token) is not able to create or 
record program on its own). 
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Claims 9-14 and 19, Nishino discloses: The computer according to claim 1, 
wherein the authentication unit comprises: a first reception unit which receives an 
authentication request from the another device; and a first transmission unit which 
transmits data generated using the authentication data to the another device in 
response to the authentication request received by the first reception unit. The computer 
according to claim 3, wherein the authentication unit comprises: a second transmission 
unit, which transmits an authentication request to the another device; a second 
reception unit which receives data transmitted from the another device in accordance 
with the authentication request transmitted by the second transmission unit; and a 
determination unit which determines whether the data received by the second reception 
unit has been generated using the authentication data. The computer according to claim 
1, wherein the authentication unit comprises: a third transmission unit which transmits 
data generated using the authentication data to the another device; a third reception 
unit which receives data transmitted from the another device; and a determination unit 
which determines whether the data received by the third reception unit has been 
generated using the authentication data. The computer according to claim 3, wherein 
the authentication unit comprises: a third transmission unit which transmits data 
generated using the authentication data to the another device; a third reception unit 
which receives data transmitted from the another device; and a determination unit which 
determines whether the data received by the third reception unit has been generated 
using the authentication data. The computer according to claim 1 , wherein the portable 
recording medium is configured to guarantee authenticity of recorded data. The 
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computer according to claim 3, wherein the portable recording medium is configured to 
guarantee authenticity of recorded data (mutual authentication between the card and 
the another device is implicitly disclosed in the prior art. See para. 3; see abstract). 

Claim 15, Nishino discloses the computer wherein the generation unit comprises; 
an acquisition unit, which acquires owner data; and an authentication data generation 
unit, which generates authentication data on the basis of the owner data (see abstract). 

Claim 17, Nishino discloses, the computer wherein the acquisition unit 
comprises, an input unit which inputs the owner data; and an owner data confirmation 
unit which confirms authenticity of the owner data input by the input unit (see abstract). 

Claim 16, Nishino discloses the computer wherein the acquisition unit acquires 
biometric information of an owner as the data (see abstract line 1 ; column 1 , lines 23- 
31). 

Claim 18, Nishino discloses a device authentication method comprising; causing 
a first device to generate authentication data and record the authentication data on a 
portable recording medium; causing a second device to read out the authentication data 
from the portable recording medium and performing mutual authentication processing 
by using the authentication data between the first and second devices (see abstract; 
col. 3, lines 5-10). 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 
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(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 5-6, are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Nishino et al. (US 5,857,024) in view of Menezes et al. (Handbook of applied 
Cryptography, ISDN: 0-8493-8523-7; Published by 1997 by CRC Press LLC). 

Claim 5-6, Nishino discloses all the limitation of claim 5 except for the computer 
wherein the authentication unit includes; a determination unit which determines whether 
current time falls within a valid period; and an invalidation unit which invalidates the 
authentication data when the determination unit determines that the current time does 
not fall within the valid period. The general concept of determining a valid time period 
and invalidating an authentication data is well known in the art as taught by Menezes, 
which discloses a timestamp to validate the timeliness and uniqueness of messages as 
to protect against replay attack as well as to implement time-limited access privilege 
and to detect for delays (page 399 section 10-13; 10-14 and 10-15). 

Claims 7-8, are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Nishino et al. (US 5,857,024) in view of Saito (US 2003/0041241 A1). 

Claims 7-8, Nishino discloses all the limitation of claim 7 except for the computer 
wherein the authentication unit comprises; a count storage unit, which stores an 
execution, count of mutual authentication processing; a determination unit, which 
determines whether the execution count falls within a valid count, on the basis of data 
presenting the valid count contained in the authentication data; and invalidation unit 
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which invalidates the authentication data when the determination unit determines that 
the execution count does not fall with the valid count. The general concept of a count 
storage unit which stores an execution count of mutual authentication processing; a 
determination to validate if a count is valid and an invalidation to invalidate an 
authentication data is well known I the art as illustrated by Saito, which disclosed a 
storage unit which stores execution count of mutual authentication data processing (col. 
18, lines 21-23; lines 30-32); a determination to validate if a count is valid and an 
invalidation to invalidate an authentication data (col. 19, lines 25-28; lines 41-45). 
Therefore it would have been obvious for one of ordinary skill in the art at the time of the 
invention to modify Nishino to include the use of Saito in order validate authentication 
data as to avoid replay attack and therefore provide secure communication among the 
communication parties. 

Conclusion 

6. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Esteve Mede whose telephone number is 571-270- 
1594. The examiner can normally be reached on Monday thru Friday, 8:30-5:00 PM, 
EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Frantz Jules can be reached on 571-272-6681. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. . 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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